]>
Commit | Line | Data |
---|---|---|
d5ebcf65 YW |
1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | ||
3 | #include "sd-dhcp6-client.h" | |
4 | ||
5 | #include "hashmap.h" | |
6 | #include "in-addr-prefix-util.h" | |
7 | #include "networkd-address-generation.h" | |
8 | #include "networkd-address.h" | |
9 | #include "networkd-dhcp-prefix-delegation.h" | |
10 | #include "networkd-dhcp6.h" | |
11 | #include "networkd-link.h" | |
12 | #include "networkd-manager.h" | |
13 | #include "networkd-queue.h" | |
14 | #include "networkd-radv.h" | |
15 | #include "networkd-route.h" | |
16 | #include "parse-util.h" | |
17 | #include "string-util.h" | |
18 | #include "strv.h" | |
19 | ||
20 | bool link_dhcp6_pd_is_enabled(Link *link) { | |
21 | assert(link); | |
22 | ||
23 | if (!link->network) | |
24 | return false; | |
25 | ||
26 | return link->network->dhcp6_pd; | |
27 | } | |
28 | ||
29 | bool dhcp6_pd_is_uplink(Link *link, Link *target, bool accept_auto) { | |
30 | assert(link); | |
31 | assert(target); | |
32 | ||
33 | if (!link_dhcp6_pd_is_enabled(link)) | |
34 | return false; | |
35 | ||
36 | if (link->network->dhcp6_pd_uplink_name) | |
37 | return streq_ptr(target->ifname, link->network->dhcp6_pd_uplink_name) || | |
38 | strv_contains(target->alternative_names, link->network->dhcp6_pd_uplink_name); | |
39 | ||
40 | if (link->network->dhcp6_pd_uplink_index > 0) | |
41 | return target->ifindex == link->network->dhcp6_pd_uplink_index; | |
42 | ||
43 | if (link->network->dhcp6_pd_uplink_index == UPLINK_INDEX_SELF) | |
44 | return link == target; | |
45 | ||
46 | assert(link->network->dhcp6_pd_uplink_index == UPLINK_INDEX_AUTO); | |
47 | return accept_auto; | |
48 | } | |
49 | ||
50 | bool dhcp6_lease_has_pd_prefix(sd_dhcp6_lease *lease) { | |
51 | uint32_t lifetime_preferred_sec, lifetime_valid_sec; | |
52 | struct in6_addr pd_prefix; | |
53 | uint8_t pd_prefix_len; | |
54 | ||
55 | if (!lease) | |
56 | return false; | |
57 | ||
58 | sd_dhcp6_lease_reset_pd_prefix_iter(lease); | |
59 | ||
60 | return sd_dhcp6_lease_get_pd(lease, &pd_prefix, &pd_prefix_len, &lifetime_preferred_sec, &lifetime_valid_sec) >= 0; | |
61 | } | |
62 | ||
63 | static void link_remove_dhcp6_pd_prefix(Link *link, const struct in6_addr *prefix) { | |
64 | void *key; | |
65 | ||
66 | assert(link); | |
67 | assert(link->manager); | |
68 | assert(prefix); | |
69 | ||
70 | if (hashmap_get(link->manager->links_by_dhcp6_pd_prefix, prefix) != link) | |
71 | return; | |
72 | ||
73 | hashmap_remove2(link->manager->links_by_dhcp6_pd_prefix, prefix, &key); | |
74 | free(key); | |
75 | } | |
76 | ||
77 | static int link_add_dhcp6_pd_prefix(Link *link, const struct in6_addr *prefix) { | |
78 | _cleanup_free_ struct in6_addr *copy = NULL; | |
79 | int r; | |
80 | ||
81 | assert(link); | |
82 | assert(prefix); | |
83 | ||
84 | copy = newdup(struct in6_addr, prefix, 1); | |
85 | if (!copy) | |
86 | return -ENOMEM; | |
87 | ||
88 | r = hashmap_ensure_put(&link->manager->links_by_dhcp6_pd_prefix, &in6_addr_hash_ops_free, copy, link); | |
89 | if (r < 0) | |
90 | return r; | |
91 | if (r > 0) | |
92 | TAKE_PTR(copy); | |
93 | ||
94 | return 0; | |
95 | } | |
96 | ||
97 | static int link_get_by_dhcp6_pd_prefix(Manager *manager, const struct in6_addr *prefix, Link **ret) { | |
98 | Link *link; | |
99 | ||
100 | assert(manager); | |
101 | assert(prefix); | |
102 | ||
103 | link = hashmap_get(manager->links_by_dhcp6_pd_prefix, prefix); | |
104 | if (!link) | |
105 | return -ENODEV; | |
106 | ||
107 | if (ret) | |
108 | *ret = link; | |
109 | return 0; | |
110 | } | |
111 | ||
112 | static int dhcp6_pd_get_assigned_prefix(Link *link, const struct in6_addr *pd_prefix, uint8_t pd_prefix_len, struct in6_addr *ret) { | |
113 | assert(link); | |
114 | assert(pd_prefix); | |
115 | ||
116 | if (!link_dhcp6_pd_is_enabled(link)) | |
117 | return -ENOENT; | |
118 | ||
119 | if (link->network->dhcp6_pd_assign) { | |
120 | Address *address; | |
121 | ||
122 | SET_FOREACH(address, link->addresses) { | |
123 | if (address->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
124 | continue; | |
125 | assert(address->family == AF_INET6); | |
126 | ||
127 | if (in6_addr_prefix_covers(pd_prefix, pd_prefix_len, &address->in_addr.in6) <= 0) | |
128 | continue; | |
129 | ||
130 | if (ret) { | |
131 | struct in6_addr prefix = address->in_addr.in6; | |
132 | ||
133 | in6_addr_mask(&prefix, 64); | |
134 | *ret = prefix; | |
135 | } | |
136 | return 0; | |
137 | } | |
138 | } else { | |
139 | Route *route; | |
140 | ||
141 | SET_FOREACH(route, link->routes) { | |
142 | if (route->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
143 | continue; | |
144 | assert(route->family == AF_INET6); | |
145 | ||
146 | if (in6_addr_prefix_covers(pd_prefix, pd_prefix_len, &route->dst.in6) > 0) { | |
147 | if (ret) | |
148 | *ret = route->dst.in6; | |
149 | return 0; | |
150 | } | |
151 | } | |
152 | } | |
153 | ||
154 | return -ENOENT; | |
155 | } | |
156 | ||
157 | int dhcp6_pd_remove(Link *link, bool only_marked) { | |
158 | int k, r = 0; | |
159 | ||
160 | assert(link); | |
161 | assert(link->manager); | |
162 | ||
163 | if (!link_dhcp6_pd_is_enabled(link)) | |
164 | return 0; | |
165 | ||
166 | if (!only_marked) | |
167 | link->dhcp6_pd_configured = false; | |
168 | ||
169 | if (!link->network->dhcp6_pd_assign) { | |
170 | Route *route; | |
171 | ||
172 | SET_FOREACH(route, link->routes) { | |
173 | if (route->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
174 | continue; | |
175 | if (only_marked && !route_is_marked(route)) | |
176 | continue; | |
177 | ||
178 | if (link->radv) | |
179 | (void) sd_radv_remove_prefix(link->radv, &route->dst.in6, 64); | |
180 | ||
181 | link_remove_dhcp6_pd_prefix(link, &route->dst.in6); | |
182 | ||
183 | k = route_remove(route); | |
184 | if (k < 0) | |
185 | r = k; | |
186 | ||
187 | route_cancel_request(route); | |
188 | } | |
189 | } else { | |
190 | Address *address; | |
191 | ||
192 | SET_FOREACH(address, link->addresses) { | |
193 | struct in6_addr prefix; | |
194 | ||
195 | if (address->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
196 | continue; | |
197 | if (only_marked && !address_is_marked(address)) | |
198 | continue; | |
199 | ||
200 | prefix = address->in_addr.in6; | |
201 | in6_addr_mask(&prefix, 64); | |
202 | ||
203 | if (link->radv) | |
204 | (void) sd_radv_remove_prefix(link->radv, &prefix, 64); | |
205 | ||
206 | link_remove_dhcp6_pd_prefix(link, &prefix); | |
207 | ||
208 | k = address_remove(address); | |
209 | if (k < 0) | |
210 | r = k; | |
211 | ||
212 | address_cancel_request(address); | |
213 | } | |
214 | } | |
215 | ||
216 | return r; | |
217 | } | |
218 | ||
219 | static int dhcp6_pd_check_ready(Link *link); | |
220 | ||
221 | static int dhcp6_pd_address_ready_callback(Address *address) { | |
222 | Address *a; | |
223 | ||
224 | assert(address); | |
225 | assert(address->link); | |
226 | ||
227 | SET_FOREACH(a, address->link->addresses) | |
228 | if (a->source == NETWORK_CONFIG_SOURCE_DHCP6PD) | |
229 | a->callback = NULL; | |
230 | ||
231 | return dhcp6_pd_check_ready(address->link); | |
232 | } | |
233 | ||
234 | static int dhcp6_pd_check_ready(Link *link) { | |
235 | int r; | |
236 | ||
237 | assert(link); | |
238 | assert(link->network); | |
239 | ||
240 | if (link->dhcp6_pd_messages > 0) { | |
241 | log_link_debug(link, "%s(): DHCPv6PD addresses and routes are not set.", __func__); | |
242 | return 0; | |
243 | } | |
244 | ||
245 | if (link->network->dhcp6_pd_assign) { | |
246 | bool has_ready = false; | |
247 | Address *address; | |
248 | ||
249 | SET_FOREACH(address, link->addresses) { | |
250 | if (address->source != NETWORK_CONFIG_SOURCE_DHCP6PD) | |
251 | continue; | |
252 | if (address_is_ready(address)) { | |
253 | has_ready = true; | |
254 | break; | |
255 | } | |
256 | } | |
257 | ||
258 | if (!has_ready) { | |
259 | SET_FOREACH(address, link->addresses) | |
260 | if (address->source == NETWORK_CONFIG_SOURCE_DHCP6PD) | |
261 | address->callback = dhcp6_pd_address_ready_callback; | |
262 | ||
263 | log_link_debug(link, "%s(): no DHCPv6PD address is ready.", __func__); | |
264 | return 0; | |
265 | } | |
266 | } | |
267 | ||
268 | link->dhcp6_pd_configured = true; | |
269 | ||
270 | log_link_debug(link, "DHCPv6 PD addresses and routes set."); | |
271 | ||
272 | r = dhcp6_pd_remove(link, /* only_marked = */ true); | |
273 | if (r < 0) | |
274 | return r; | |
275 | ||
276 | link_check_ready(link); | |
277 | return 1; | |
278 | } | |
279 | ||
280 | static int dhcp6_pd_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { | |
281 | int r; | |
282 | ||
283 | assert(link); | |
284 | assert(link->dhcp6_pd_messages > 0); | |
285 | ||
286 | link->dhcp6_pd_messages--; | |
287 | ||
288 | r = route_configure_handler_internal(rtnl, m, link, "Failed to add DHCPv6 Prefix Delegation route"); | |
289 | if (r <= 0) | |
290 | return r; | |
291 | ||
292 | r = dhcp6_pd_check_ready(link); | |
293 | if (r < 0) | |
294 | link_enter_failed(link); | |
295 | ||
296 | return 1; | |
297 | } | |
298 | ||
299 | static int dhcp6_pd_request_route(Link *link, const struct in6_addr *prefix, usec_t lifetime_usec) { | |
300 | _cleanup_(route_freep) Route *route = NULL; | |
301 | Route *existing; | |
302 | int r; | |
303 | ||
304 | assert(link); | |
305 | assert(link->network); | |
306 | assert(prefix); | |
307 | ||
308 | if (link->network->dhcp6_pd_assign) | |
309 | return 0; | |
310 | ||
311 | r = route_new(&route); | |
312 | if (r < 0) | |
313 | return r; | |
314 | ||
315 | route->source = NETWORK_CONFIG_SOURCE_DHCP6PD; | |
316 | route->family = AF_INET6; | |
317 | route->dst.in6 = *prefix; | |
318 | route->dst_prefixlen = 64; | |
319 | route->protocol = RTPROT_DHCP; | |
320 | route->priority = link->network->dhcp6_pd_route_metric; | |
321 | route->lifetime_usec = lifetime_usec; | |
322 | ||
323 | if (route_get(NULL, link, route, &existing) < 0) | |
324 | link->dhcp6_pd_configured = false; | |
325 | else | |
326 | route_unmark(existing); | |
327 | ||
328 | r = link_request_route(link, TAKE_PTR(route), true, &link->dhcp6_pd_messages, | |
329 | dhcp6_pd_route_handler, NULL); | |
330 | if (r < 0) | |
331 | return log_link_error_errno(link, r, "Failed to request DHCPv6 prefix route: %m"); | |
332 | ||
333 | return 0; | |
334 | } | |
335 | ||
336 | static int dhcp6_pd_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { | |
337 | int r; | |
338 | ||
339 | assert(link); | |
340 | assert(link->dhcp6_pd_messages > 0); | |
341 | ||
342 | link->dhcp6_pd_messages--; | |
343 | ||
344 | r = address_configure_handler_internal(rtnl, m, link, "Could not set DHCPv6 delegated prefix address"); | |
345 | if (r <= 0) | |
346 | return r; | |
347 | ||
348 | r = dhcp6_pd_check_ready(link); | |
349 | if (r < 0) | |
350 | link_enter_failed(link); | |
351 | ||
352 | return 1; | |
353 | } | |
354 | ||
355 | static void log_dhcp6_pd_address(Link *link, const Address *address) { | |
356 | _cleanup_free_ char *buffer = NULL; | |
357 | int log_level; | |
358 | ||
359 | assert(address); | |
360 | assert(address->family == AF_INET6); | |
361 | ||
362 | log_level = address_get(link, address, NULL) >= 0 ? LOG_DEBUG : LOG_INFO; | |
363 | ||
364 | if (log_level < log_get_max_level()) | |
365 | return; | |
366 | ||
367 | (void) in6_addr_prefix_to_string(&address->in_addr.in6, address->prefixlen, &buffer); | |
368 | ||
369 | log_link_full(link, log_level, "DHCPv6-PD address %s (valid %s, preferred %s)", | |
370 | strna(buffer), | |
371 | FORMAT_LIFETIME(address->lifetime_valid_usec), | |
372 | FORMAT_LIFETIME(address->lifetime_preferred_usec)); | |
373 | } | |
374 | ||
375 | static int dhcp6_pd_request_address( | |
376 | Link *link, | |
377 | const struct in6_addr *prefix, | |
378 | usec_t lifetime_preferred_usec, | |
379 | usec_t lifetime_valid_usec) { | |
380 | ||
381 | _cleanup_set_free_ Set *addresses = NULL; | |
382 | struct in6_addr *a; | |
383 | int r; | |
384 | ||
385 | assert(link); | |
386 | assert(link->network); | |
387 | assert(prefix); | |
388 | ||
389 | if (!link->network->dhcp6_pd_assign) | |
390 | return 0; | |
391 | ||
392 | r = dhcp6_pd_generate_addresses(link, prefix, &addresses); | |
393 | if (r < 0) | |
394 | return log_link_warning_errno(link, r, "Failed to generate addresses for acquired DHCPv6 delegated prefix: %m"); | |
395 | ||
396 | SET_FOREACH(a, addresses) { | |
397 | _cleanup_(address_freep) Address *address = NULL; | |
398 | Address *existing; | |
399 | ||
400 | r = address_new(&address); | |
401 | if (r < 0) | |
402 | return log_link_error_errno(link, r, "Failed to allocate address for DHCPv6 delegated prefix: %m"); | |
403 | ||
404 | address->source = NETWORK_CONFIG_SOURCE_DHCP6PD; | |
405 | address->family = AF_INET6; | |
406 | address->in_addr.in6 = *a; | |
407 | address->prefixlen = 64; | |
408 | address->lifetime_preferred_usec = lifetime_preferred_usec; | |
409 | address->lifetime_valid_usec = lifetime_valid_usec; | |
410 | SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp6_pd_manage_temporary_address); | |
411 | address->route_metric = link->network->dhcp6_pd_route_metric; | |
412 | ||
413 | log_dhcp6_pd_address(link, address); | |
414 | ||
415 | if (address_get(link, address, &existing) < 0) | |
416 | link->dhcp6_pd_configured = false; | |
417 | else | |
418 | address_unmark(existing); | |
419 | ||
420 | r = link_request_address(link, TAKE_PTR(address), true, &link->dhcp6_pd_messages, | |
421 | dhcp6_pd_address_handler, NULL); | |
422 | if (r < 0) | |
423 | return log_link_error_errno(link, r, "Failed to request DHCPv6 delegated prefix address: %m"); | |
424 | } | |
425 | ||
426 | return 0; | |
427 | } | |
428 | ||
429 | static bool link_has_preferred_subnet_id(Link *link) { | |
430 | if (!link->network) | |
431 | return false; | |
432 | ||
433 | return link->network->dhcp6_pd_subnet_id >= 0; | |
434 | } | |
435 | ||
436 | static int dhcp6_pd_calculate_prefix( | |
437 | const struct in6_addr *pd_prefix, | |
438 | uint8_t pd_prefix_len, | |
439 | uint64_t subnet_id, | |
440 | struct in6_addr *ret) { | |
441 | ||
442 | struct in6_addr prefix; | |
443 | ||
444 | assert(pd_prefix); | |
445 | assert(pd_prefix_len <= 64); | |
446 | assert(ret); | |
447 | ||
448 | if (subnet_id >= UINT64_C(1) << (64 - pd_prefix_len)) | |
449 | return -ERANGE; | |
450 | ||
451 | prefix = *pd_prefix; | |
452 | ||
453 | if (pd_prefix_len < 32) | |
454 | prefix.s6_addr32[0] |= htobe32(subnet_id >> 32); | |
455 | ||
456 | prefix.s6_addr32[1] |= htobe32(subnet_id & 0xffffffff); | |
457 | ||
458 | *ret = prefix; | |
459 | return 0; | |
460 | } | |
461 | ||
462 | static int dhcp6_pd_get_preferred_prefix( | |
463 | Link *link, | |
464 | const struct in6_addr *pd_prefix, | |
465 | uint8_t pd_prefix_len, | |
466 | struct in6_addr *ret) { | |
467 | ||
468 | struct in6_addr prefix; | |
469 | Link *assigned_link; | |
470 | int r; | |
471 | ||
472 | assert(link); | |
473 | assert(link->manager); | |
474 | assert(pd_prefix); | |
475 | ||
476 | if (link_has_preferred_subnet_id(link)) { | |
477 | /* If the link has a preference for a particular subnet id try to allocate that */ | |
478 | ||
479 | r = dhcp6_pd_calculate_prefix(pd_prefix, pd_prefix_len, link->network->dhcp6_pd_subnet_id, &prefix); | |
480 | if (r < 0) | |
481 | return log_link_warning_errno(link, r, | |
482 | "subnet id %" PRIu64 " is out of range. Only have %" PRIu64 " subnets.", | |
483 | link->network->dhcp6_pd_subnet_id, UINT64_C(1) << (64 - pd_prefix_len)); | |
484 | ||
485 | if (link_get_by_dhcp6_pd_prefix(link->manager, &prefix, &assigned_link) >= 0 && | |
486 | assigned_link != link) { | |
487 | _cleanup_free_ char *assigned_buf = NULL; | |
488 | ||
489 | (void) in6_addr_to_string(&prefix, &assigned_buf); | |
490 | return log_link_warning_errno(link, SYNTHETIC_ERRNO(EAGAIN), | |
491 | "The requested prefix %s is already assigned to another link.", | |
492 | strna(assigned_buf)); | |
493 | } | |
494 | ||
495 | *ret = prefix; | |
496 | return 0; | |
497 | } | |
498 | ||
499 | for (uint64_t n = 0; ; n++) { | |
500 | /* If we do not have an allocation preference just iterate | |
501 | * through the address space and return the first free prefix. */ | |
502 | ||
503 | r = dhcp6_pd_calculate_prefix(pd_prefix, pd_prefix_len, n, &prefix); | |
504 | if (r < 0) | |
505 | return log_link_warning_errno(link, r, | |
506 | "Couldn't find a suitable prefix. Ran out of address space."); | |
507 | ||
508 | /* Do not use explicitly requested subnet IDs. Note that the corresponding link may not | |
509 | * appear yet. So, we need to check the ID is not used in any .network files. */ | |
510 | if (set_contains(link->manager->dhcp6_pd_subnet_ids, &n)) | |
511 | continue; | |
512 | ||
513 | /* Check that the prefix is not assigned to another link. */ | |
514 | if (link_get_by_dhcp6_pd_prefix(link->manager, &prefix, &assigned_link) < 0 || | |
515 | assigned_link == link) { | |
516 | *ret = prefix; | |
517 | return 0; | |
518 | } | |
519 | } | |
520 | } | |
521 | ||
522 | static int dhcp6_pd_assign_prefix( | |
523 | Link *link, | |
524 | const struct in6_addr *pd_prefix, | |
525 | uint8_t pd_prefix_len, | |
526 | usec_t lifetime_preferred_usec, | |
527 | usec_t lifetime_valid_usec) { | |
528 | ||
529 | _cleanup_free_ char *buf = NULL; | |
530 | struct in6_addr prefix; | |
531 | int r; | |
532 | ||
533 | assert(link); | |
534 | assert(link->network); | |
535 | assert(pd_prefix); | |
536 | ||
537 | if (dhcp6_pd_get_assigned_prefix(link, pd_prefix, pd_prefix_len, &prefix) < 0 && | |
538 | dhcp6_pd_get_preferred_prefix(link, pd_prefix, pd_prefix_len, &prefix) < 0) | |
539 | return 0; | |
540 | ||
541 | (void) in6_addr_prefix_to_string(&prefix, 64, &buf); | |
542 | ||
543 | if (link->network->dhcp6_pd_announce) { | |
544 | r = radv_add_prefix(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec); | |
545 | if (r < 0) | |
546 | return log_link_warning_errno(link, r, | |
547 | "Failed to assign/update prefix %s to IPv6 Router Advertisement: %m", | |
548 | strna(buf)); | |
549 | } | |
550 | ||
551 | r = dhcp6_pd_request_route(link, &prefix, lifetime_valid_usec); | |
552 | if (r < 0) | |
553 | return log_link_warning_errno(link, r, | |
554 | "Failed to assign/update route for prefix %s: %m", | |
555 | strna(buf)); | |
556 | ||
557 | r = dhcp6_pd_request_address(link, &prefix, lifetime_preferred_usec, lifetime_valid_usec); | |
558 | if (r < 0) | |
559 | return log_link_warning_errno(link, r, | |
560 | "Failed to assign/update address for prefix %s: %m", | |
561 | strna(buf)); | |
562 | ||
563 | r = link_add_dhcp6_pd_prefix(link, &prefix); | |
564 | if (r < 0) | |
565 | return log_link_warning_errno(link, r, | |
566 | "Failed to save assigned prefix %s: %m", | |
567 | strna(buf)); | |
568 | ||
569 | log_link_debug(link, "Assigned prefix %s", strna(buf)); | |
570 | return 1; | |
571 | } | |
572 | ||
573 | static int dhcp6_pd_distribute_prefix( | |
574 | Link *dhcp6_link, | |
575 | const struct in6_addr *pd_prefix, | |
576 | uint8_t pd_prefix_len, | |
577 | usec_t lifetime_preferred_usec, | |
578 | usec_t lifetime_valid_usec) { | |
579 | ||
580 | Link *link; | |
581 | int r; | |
582 | ||
583 | assert(dhcp6_link); | |
584 | assert(dhcp6_link->manager); | |
585 | assert(pd_prefix); | |
586 | assert(pd_prefix_len <= 64); | |
587 | ||
588 | HASHMAP_FOREACH(link, dhcp6_link->manager->links_by_index) { | |
589 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) | |
590 | continue; | |
591 | ||
592 | if (!dhcp6_pd_is_uplink(link, dhcp6_link, /* accept_auto = */ true)) | |
593 | continue; | |
594 | ||
595 | if (link->network->dhcp6_pd_announce && !link->radv) | |
596 | continue; | |
597 | ||
598 | if (link == dhcp6_link && !link->network->dhcp6_pd_assign) | |
599 | continue; | |
600 | ||
601 | r = dhcp6_pd_assign_prefix(link, pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec); | |
602 | if (r < 0) { | |
603 | if (link == dhcp6_link) | |
604 | return r; | |
605 | ||
606 | link_enter_failed(link); | |
607 | continue; | |
608 | } | |
609 | } | |
610 | ||
611 | return 0; | |
612 | } | |
613 | ||
614 | static int dhcp6_pd_prepare(Link *link) { | |
615 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) | |
616 | return 0; | |
617 | ||
618 | if (!link_dhcp6_pd_is_enabled(link)) | |
619 | return 0; | |
620 | ||
621 | if (link->network->dhcp6_pd_announce && !link->radv) | |
622 | return 0; | |
623 | ||
624 | link_mark_addresses(link, NETWORK_CONFIG_SOURCE_DHCP6PD, NULL); | |
625 | link_mark_routes(link, NETWORK_CONFIG_SOURCE_DHCP6PD, NULL); | |
626 | ||
627 | return 0; | |
628 | } | |
629 | ||
630 | static int dhcp6_pd_finalize(Link *link) { | |
631 | int r; | |
632 | ||
633 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) | |
634 | return 0; | |
635 | ||
636 | if (!link_dhcp6_pd_is_enabled(link)) | |
637 | return 0; | |
638 | ||
639 | if (link->network->dhcp6_pd_announce && !link->radv) | |
640 | return 0; | |
641 | ||
642 | if (link->dhcp6_pd_messages == 0) { | |
643 | link->dhcp6_pd_configured = false; | |
644 | ||
645 | r = dhcp6_pd_remove(link, /* only_marked = */ true); | |
646 | if (r < 0) | |
647 | return r; | |
648 | } | |
649 | ||
650 | if (!link->dhcp6_pd_configured) | |
651 | link_set_state(link, LINK_STATE_CONFIGURING); | |
652 | ||
653 | link_check_ready(link); | |
654 | return 0; | |
655 | } | |
656 | ||
657 | void dhcp6_pd_prefix_lost(Link *dhcp6_link) { | |
658 | Link *link; | |
659 | int r; | |
660 | ||
661 | assert(dhcp6_link); | |
662 | assert(dhcp6_link->manager); | |
663 | ||
664 | HASHMAP_FOREACH(link, dhcp6_link->manager->links_by_index) { | |
1d44187c | 665 | if (!dhcp6_pd_is_uplink(link, dhcp6_link, /* accept_auto = */ true)) |
d5ebcf65 YW |
666 | continue; |
667 | ||
668 | r = dhcp6_pd_remove(link, /* only_marked = */ false); | |
669 | if (r < 0) | |
670 | link_enter_failed(link); | |
671 | } | |
672 | ||
673 | set_clear(dhcp6_link->dhcp6_pd_prefixes); | |
674 | } | |
675 | ||
676 | static int dhcp6_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { | |
677 | int r; | |
678 | ||
679 | assert(link); | |
680 | assert(link->dhcp6_messages > 0); | |
681 | ||
682 | link->dhcp6_messages--; | |
683 | ||
684 | r = route_configure_handler_internal(rtnl, m, link, "Failed to set unreachable route for DHCPv6 delegated subnet"); | |
685 | if (r <= 0) | |
686 | return r; | |
687 | ||
688 | r = dhcp6_check_ready(link); | |
689 | if (r < 0) | |
690 | link_enter_failed(link); | |
691 | ||
692 | return 1; | |
693 | } | |
694 | ||
695 | static int dhcp6_request_unreachable_route(Link *link, const struct in6_addr *addr, uint8_t prefixlen, usec_t lifetime_usec) { | |
696 | _cleanup_(route_freep) Route *route = NULL; | |
697 | _cleanup_free_ char *buf = NULL; | |
698 | Route *existing; | |
699 | int r; | |
700 | ||
701 | assert(link); | |
702 | assert(addr); | |
703 | ||
704 | (void) in6_addr_prefix_to_string(addr, prefixlen, &buf); | |
705 | ||
706 | if (prefixlen == 64) { | |
707 | log_link_debug(link, "Not adding a blocking route for DHCPv6 delegated subnet %s since distributed prefix is 64", | |
708 | strna(buf)); | |
709 | return 0; | |
710 | } | |
711 | ||
712 | r = route_new(&route); | |
713 | if (r < 0) | |
714 | return log_oom(); | |
715 | ||
716 | route->source = NETWORK_CONFIG_SOURCE_DHCP6; | |
717 | route->family = AF_INET6; | |
718 | route->dst.in6 = *addr; | |
719 | route->dst_prefixlen = prefixlen; | |
720 | route->table = link_get_dhcp6_route_table(link); | |
721 | route->type = RTN_UNREACHABLE; | |
722 | route->protocol = RTPROT_DHCP; | |
723 | route->priority = DHCP_ROUTE_METRIC; | |
724 | route->lifetime_usec = lifetime_usec; | |
725 | ||
726 | if (route_get(link->manager, NULL, route, &existing) < 0) | |
727 | link->dhcp6_configured = false; | |
728 | else | |
729 | route_unmark(existing); | |
730 | ||
731 | r = link_request_route(link, TAKE_PTR(route), true, &link->dhcp6_messages, | |
732 | dhcp6_route_handler, NULL); | |
733 | if (r < 0) | |
734 | return log_link_error_errno(link, r, "Failed to request unreachable route for DHCPv6 delegated subnet %s: %m", | |
735 | strna(buf)); | |
736 | ||
737 | return 0; | |
738 | } | |
739 | ||
740 | static int dhcp6_pd_prefix_add(Link *link, const struct in6_addr *prefix, uint8_t prefixlen) { | |
741 | _cleanup_free_ char *buf = NULL; | |
742 | struct in_addr_prefix *p; | |
743 | int r; | |
744 | ||
745 | assert(link); | |
746 | assert(prefix); | |
747 | ||
748 | p = new(struct in_addr_prefix, 1); | |
749 | if (!p) | |
750 | return log_oom(); | |
751 | ||
752 | *p = (struct in_addr_prefix) { | |
753 | .family = AF_INET6, | |
754 | .prefixlen = prefixlen, | |
755 | .address.in6 = *prefix, | |
756 | }; | |
757 | ||
758 | (void) in6_addr_prefix_to_string(prefix, prefixlen, &buf); | |
759 | ||
760 | log_link_full(link, | |
761 | set_contains(link->dhcp6_pd_prefixes, p) ? LOG_DEBUG : | |
762 | prefixlen > 64 || prefixlen < 48 ? LOG_WARNING : LOG_INFO, | |
763 | "DHCPv6: received PD Prefix %s%s", | |
764 | strna(buf), | |
765 | prefixlen > 64 ? " with prefix length > 64, ignoring." : | |
766 | prefixlen < 48 ? " with prefix length < 48, looks unusual.": ""); | |
767 | ||
768 | /* Store PD prefix even if prefixlen > 64, not to make logged at warning level so frequently. */ | |
769 | r = set_ensure_consume(&link->dhcp6_pd_prefixes, &in_addr_prefix_hash_ops_free, p); | |
770 | if (r < 0) | |
771 | return log_link_error_errno(link, r, "Failed to store DHCPv6 PD prefix %s: %m", strna(buf)); | |
772 | ||
773 | return prefixlen <= 64; | |
774 | } | |
775 | ||
776 | int dhcp6_pd_prefix_acquired(Link *dhcp6_link) { | |
777 | usec_t timestamp_usec; | |
778 | Link *link; | |
779 | int r; | |
780 | ||
781 | assert(dhcp6_link); | |
782 | assert(dhcp6_link->dhcp6_lease); | |
783 | ||
784 | r = sd_dhcp6_lease_get_timestamp(dhcp6_link->dhcp6_lease, clock_boottime_or_monotonic(), ×tamp_usec); | |
785 | if (r < 0) | |
786 | return log_link_warning_errno(dhcp6_link, r, "Failed to get timestamp of DHCPv6 lease: %m"); | |
787 | ||
788 | HASHMAP_FOREACH(link, dhcp6_link->manager->links_by_index) { | |
789 | r = dhcp6_pd_prepare(link); | |
790 | if (r < 0) { | |
791 | /* When failed on the upstream interface (i.e., the case link == dhcp6_link), | |
792 | * immediately abort the assignment of the prefixes. As, the all assigned | |
793 | * prefixes will be dropped soon in link_enter_failed(), and it is meaningless | |
794 | * to continue the assignment. */ | |
795 | if (link == dhcp6_link) | |
796 | return r; | |
797 | ||
798 | link_enter_failed(link); | |
799 | } | |
800 | } | |
801 | ||
802 | for (sd_dhcp6_lease_reset_pd_prefix_iter(dhcp6_link->dhcp6_lease);;) { | |
803 | uint32_t lifetime_preferred_sec, lifetime_valid_sec; | |
804 | usec_t lifetime_preferred_usec, lifetime_valid_usec; | |
805 | struct in6_addr pd_prefix; | |
806 | uint8_t pd_prefix_len; | |
807 | ||
808 | r = sd_dhcp6_lease_get_pd(dhcp6_link->dhcp6_lease, &pd_prefix, &pd_prefix_len, | |
809 | &lifetime_preferred_sec, &lifetime_valid_sec); | |
810 | if (r < 0) | |
811 | break; | |
812 | ||
813 | lifetime_preferred_usec = usec_add(lifetime_preferred_sec * USEC_PER_SEC, timestamp_usec); | |
814 | lifetime_valid_usec = usec_add(lifetime_valid_sec * USEC_PER_SEC, timestamp_usec); | |
815 | ||
816 | r = dhcp6_pd_prefix_add(dhcp6_link, &pd_prefix, pd_prefix_len); | |
817 | if (r < 0) | |
818 | return r; | |
819 | if (r == 0) | |
820 | continue; | |
821 | ||
822 | r = dhcp6_request_unreachable_route(dhcp6_link, &pd_prefix, pd_prefix_len, lifetime_valid_usec); | |
823 | if (r < 0) | |
824 | return r; | |
825 | ||
826 | /* We are doing prefix allocation in two steps: | |
827 | * 1. all those links that have a preferred subnet id will be assigned their subnet | |
828 | * 2. all those links that remain will receive prefixes in sequential order. Prefixes | |
829 | * that were previously already allocated to another link will be skipped. | |
830 | * The assignment has to be split in two phases since subnet id | |
831 | * preferences should be honored. Meaning that any subnet id should be | |
832 | * handed out to the requesting link and not to some link that didn't | |
833 | * specify any preference. */ | |
834 | ||
835 | assert(pd_prefix_len <= 64); | |
836 | ||
837 | /* Mask prefix for safety. */ | |
838 | r = in6_addr_mask(&pd_prefix, pd_prefix_len); | |
839 | if (r < 0) | |
840 | return log_link_error_errno(dhcp6_link, r, "Failed to mask DHCPv6 PD prefix: %m"); | |
841 | ||
842 | if (DEBUG_LOGGING) { | |
843 | uint64_t n_prefixes = UINT64_C(1) << (64 - pd_prefix_len); | |
844 | _cleanup_free_ char *buf = NULL; | |
845 | ||
846 | (void) in6_addr_prefix_to_string(&pd_prefix, pd_prefix_len, &buf); | |
847 | log_link_debug(dhcp6_link, "Assigning up to %" PRIu64 " prefixes from %s", | |
848 | n_prefixes, strna(buf)); | |
849 | } | |
850 | ||
851 | r = dhcp6_pd_distribute_prefix(dhcp6_link, | |
852 | &pd_prefix, | |
853 | pd_prefix_len, | |
854 | lifetime_preferred_usec, | |
855 | lifetime_valid_usec); | |
856 | if (r < 0) | |
857 | return r; | |
858 | } | |
859 | ||
860 | HASHMAP_FOREACH(link, dhcp6_link->manager->links_by_index) { | |
861 | r = dhcp6_pd_finalize(link); | |
862 | if (r < 0) { | |
863 | if (link == dhcp6_link) | |
864 | return r; | |
865 | ||
866 | link_enter_failed(link); | |
867 | } | |
868 | } | |
869 | ||
870 | return 0; | |
871 | } | |
872 | ||
873 | static int dhcp6_pd_assign_prefixes(Link *link, Link *uplink) { | |
874 | usec_t timestamp_usec; | |
875 | int r; | |
876 | ||
877 | assert(link); | |
878 | assert(uplink); | |
879 | assert(uplink->dhcp6_lease); | |
880 | ||
881 | /* This is similar to dhcp6_pd_prefix_acquired(), but called when a downstream interface | |
882 | * appears later or reconfiguring the interface. */ | |
883 | ||
884 | r = sd_dhcp6_lease_get_timestamp(uplink->dhcp6_lease, clock_boottime_or_monotonic(), ×tamp_usec); | |
885 | if (r < 0) | |
886 | return r; | |
887 | ||
888 | r = dhcp6_pd_prepare(link); | |
889 | if (r < 0) | |
890 | return r; | |
891 | ||
892 | for (sd_dhcp6_lease_reset_pd_prefix_iter(uplink->dhcp6_lease);;) { | |
893 | uint32_t lifetime_preferred_sec, lifetime_valid_sec; | |
894 | usec_t lifetime_preferred_usec, lifetime_valid_usec; | |
895 | struct in6_addr pd_prefix; | |
896 | uint8_t pd_prefix_len; | |
897 | ||
898 | r = sd_dhcp6_lease_get_pd(uplink->dhcp6_lease, &pd_prefix, &pd_prefix_len, | |
899 | &lifetime_preferred_sec, &lifetime_valid_sec); | |
900 | if (r < 0) | |
901 | break; | |
902 | ||
903 | lifetime_preferred_usec = usec_add(lifetime_preferred_sec * USEC_PER_SEC, timestamp_usec); | |
904 | lifetime_valid_usec = usec_add(lifetime_valid_sec * USEC_PER_SEC, timestamp_usec); | |
905 | ||
906 | if (pd_prefix_len > 64) | |
907 | continue; | |
908 | ||
909 | /* Mask prefix for safety. */ | |
910 | r = in6_addr_mask(&pd_prefix, pd_prefix_len); | |
911 | if (r < 0) | |
912 | return r; | |
913 | ||
914 | r = dhcp6_pd_assign_prefix(link, &pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec); | |
915 | if (r < 0) | |
916 | return r; | |
917 | } | |
918 | ||
919 | r = dhcp6_pd_finalize(link); | |
920 | if (r < 0) | |
921 | return r; | |
922 | ||
923 | return 0; | |
924 | } | |
925 | ||
926 | static bool dhcp6_pd_uplink_is_ready(Link *link) { | |
927 | assert(link); | |
928 | ||
929 | if (!link->network) | |
930 | return false; | |
931 | ||
932 | if (!link->network->dhcp6_use_pd_prefix) | |
933 | return false; | |
934 | ||
935 | if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) | |
936 | return false; | |
937 | ||
938 | if (!link->dhcp6_client) | |
939 | return false; | |
940 | ||
941 | if (sd_dhcp6_client_is_running(link->dhcp6_client) <= 0) | |
942 | return false; | |
943 | ||
944 | if (!link->dhcp6_lease) | |
945 | return false; | |
946 | ||
947 | return dhcp6_lease_has_pd_prefix(link->dhcp6_lease); | |
948 | } | |
949 | ||
950 | int dhcp6_pd_find_uplink(Link *link, Link **ret) { | |
951 | Link *uplink = NULL; | |
952 | int r = 0; | |
953 | ||
954 | assert(link); | |
955 | assert(link->manager); | |
956 | assert(link_dhcp6_pd_is_enabled(link)); | |
957 | assert(ret); | |
958 | ||
959 | if (link->network->dhcp6_pd_uplink_name) | |
960 | r = link_get_by_name(link->manager, link->network->dhcp6_pd_uplink_name, &uplink); | |
961 | else if (link->network->dhcp6_pd_uplink_index > 0) | |
962 | r = link_get_by_index(link->manager, link->network->dhcp6_pd_uplink_index, &uplink); | |
963 | else if (link->network->dhcp6_pd_uplink_index == UPLINK_INDEX_SELF) | |
964 | uplink = link; | |
965 | if (r < 0) | |
966 | return r; | |
967 | ||
968 | if (uplink) { | |
969 | if (!dhcp6_pd_uplink_is_ready(uplink)) | |
970 | return -EBUSY; | |
971 | ||
972 | *ret = uplink; | |
973 | return 0; | |
974 | } | |
975 | ||
976 | HASHMAP_FOREACH(uplink, link->manager->links_by_index) { | |
977 | if (!dhcp6_pd_uplink_is_ready(uplink)) | |
978 | continue; | |
979 | ||
980 | /* Assume that there exists at most one link which acquired delegated prefixes. */ | |
981 | *ret = uplink; | |
982 | return 0; | |
983 | } | |
984 | ||
985 | return -ENODEV; | |
986 | } | |
987 | ||
988 | int dhcp6_request_prefix_delegation(Link *link) { | |
989 | Link *uplink; | |
990 | ||
991 | assert(link); | |
992 | ||
993 | if (!link_dhcp6_pd_is_enabled(link)) | |
994 | return 0; | |
995 | ||
996 | if (dhcp6_pd_find_uplink(link, &uplink) < 0) | |
997 | return 0; | |
998 | ||
999 | log_link_debug(link, "Requesting subnets of delegated prefixes acquired by %s", uplink->ifname); | |
1000 | return dhcp6_pd_assign_prefixes(link, uplink); | |
1001 | } | |
1002 | ||
1003 | int config_parse_dhcp6_pd_subnet_id( | |
1004 | const char *unit, | |
1005 | const char *filename, | |
1006 | unsigned line, | |
1007 | const char *section, | |
1008 | unsigned section_line, | |
1009 | const char *lvalue, | |
1010 | int ltype, | |
1011 | const char *rvalue, | |
1012 | void *data, | |
1013 | void *userdata) { | |
1014 | ||
1015 | int64_t *p = data; | |
1016 | uint64_t t; | |
1017 | int r; | |
1018 | ||
1019 | assert(filename); | |
1020 | assert(lvalue); | |
1021 | assert(rvalue); | |
1022 | assert(data); | |
1023 | ||
1024 | if (isempty(rvalue) || streq(rvalue, "auto")) { | |
1025 | *p = -1; | |
1026 | return 0; | |
1027 | } | |
1028 | ||
1029 | r = safe_atoux64(rvalue, &t); | |
1030 | if (r < 0) { | |
1031 | log_syntax(unit, LOG_WARNING, filename, line, r, | |
1032 | "Failed to parse %s=, ignoring assignment: %s", | |
1033 | lvalue, rvalue); | |
1034 | return 0; | |
1035 | } | |
1036 | if (t > INT64_MAX) { | |
1037 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
1038 | "Invalid subnet id '%s', ignoring assignment.", | |
1039 | rvalue); | |
1040 | return 0; | |
1041 | } | |
1042 | ||
1043 | *p = (int64_t) t; | |
1044 | ||
1045 | return 0; | |
1046 | } |